CS0-002 Free Practice Test

- (Exam Topic 2)
When reviewing a compromised authentication server, a security analyst discovers the following hidden file:

Further analysis shows these users never logged in to the server. Which of the following types of attacks was used to obtain the file and what should the analyst recommend to prevent this type of attack from reoccurring?

1. A. A rogue LDAP server is installed on the system and is connecting password
2. B. The analyst should recommend wiping and reinstalling the server.
3. C. A password spraying attack was used to compromise the password
4. D. The analyst should recommend that all users receive a unique password.
5. E. A rainbow tables attack was used to compromise the account
6. F. The analyst should recommend that future password hashes contains a salt.
7. G. A phishing attack was used to compromise the accoun
8. H. The analyst should recommend users install endpoint protection to disable phishing links.

Correct Answer: B

- (Exam Topic 2)
A company’s data is still being exfiltered to business competitors after the implementation of a DLP solution. Which of the following is the most likely reason why the data is still being compromised?

1. A. Printed reports from the database contain sensitive information
2. B. DRM must be implemented with the DLP solution
3. C. Users are not labeling the appropriate data sets
4. D. DLP solutions are only effective when they are implemented with disk encryption

Correct Answer: B

- (Exam Topic 2)
A security analyst received a series of antivirus alerts from a workstation segment, and users reported ransomware messages. During lessons- learned activities, the analyst determines the antivirus was able to alert to abnormal behavior but did not stop this newest variant of ransomware. Which of the following actions should be taken to BEST mitigate the effects of this type of threat in the future?

1. A. Enabling application blacklisting
2. B. Enabling sandboxing technology
3. C. Purchasing cyber insurance
4. D. Installing a firewall between the workstations and Internet

Correct Answer: B

- (Exam Topic 1)
A security administrator needs to create an IDS rule to alert on FTP login attempts by root. Which of the following rules is the BEST solution?

1. A. Option A
2. B. Option B
3. C. Option C
4. D. Option D

Correct Answer: B

- (Exam Topic 3)
An organization is experiencing security incidents in which a systems administrator is creating unauthorized user accounts A security analyst has created a script to snapshot the system configuration each day. Following iss one of the scripts:

This script has been running successfully every day. Which of the following commands would provide the analyst with additional useful information relevant to the above script?
A)

B)

C)

D)

1. A. Option A
2. B. Option B
3. C. Option C
4. D. Option D

Correct Answer: B